Multi-collision resistance: a paradigm for keyless hash functions
2018
Proceedings of the 50th Annual ACM SIGACT Symposium on Theory of Computing - STOC 2018
We study the notion of multi-collision resistance of hash functions - a natural relaxation of collision-resistance that only guarantees the intractability of finding many (rather than two) inputs that map ...
An appealing feature of such hash functions is that unlike their collision-resistant counterparts, they do not necessarily require a key. ...
We also thank Benny Applebaum, John Steinberger, and Avi Wigderson for valuable discussions. ...
doi:10.1145/3188745.3188870
dblp:conf/stoc/BitanskyKP18
fatcat:wkozeczwgvhz7cmwj6ev4nmuki
Enhanced Target Collision Resistant Hash Functions Revisited
[chapter]
2009
Lecture Notes in Computer Science
First, we compare the new eTCR property with the well-known collision resistance (CR) property, where both properties are considered for a dedicated-key hash function. ...
Enhanced Target Collision Resistance (eTCR) property for a hash function was put forth by Halevi and Krawczyk in Crypto 2006, in conjunction with the randomized hashing mode that is used to realize such ...
We would like to thank the anonymous reviewers of FSE 2009 for their insightful comments and suggestions. ...
doi:10.1007/978-3-642-03317-9_20
fatcat:4vtxcbb75vhmrhduuovfchvaly
Domain Extension for Enhanced Target Collision-Resistant Hash Functions
[chapter]
2010
Lecture Notes in Computer Science
The eTCR property, introduced by Halevi and Krawczyk [HK06], is a natural fit for hash-and-sign signature schemes, offering an attractive alternative to collision-resistant hash functions. ...
We answer the question of Reyhanitabar et al. from FSE'09 of constructing a domain extension scheme for enhanced target collision-resistant (eTCR) hash functions with sublinear key expansion. ...
The main difficulty in using TCR hashes as a drop-in replacement for broken or vulnerable collision-resistant functions is in handling the key, since the TCR hashes are keyed unlike keyless collision-resistant ...
doi:10.1007/978-3-642-13858-4_9
fatcat:3dfop6yderbphclg77xmez3wla
Design of Random Oracle for Block Iterated One-Way Ciphers Through Polynomial Functions
2019
International Journal of Engineering and Advanced Technology
The conventional keyless provably secure hash functions MD-5, SHA-2 and SHA-3 use RO or Sponge principles for the design and construction of hash function. ...
The results prove that, the new prototype helps the block iterated hash function to exhibit strong random behavior even for a small bit flip in the input. ...
The properties are given as follows: Collision Resistance - For any two different messages x and y, H(x) ≠ H(y). Pre-Image Resistance - For a given hash value H(x) an adversary should not find y such ...
doi:10.35940/ijeat.f1196.0886s19
fatcat:roraxkwunndixcxlis2qfm5gm4
Design of Dynamic Digest through Polynomial Product for Improved Avalanche Effect on Keyless Hash Function
2019
International journal of recent technology and engineering
Therefore, the proposed design could be considered as a more suitable alternative for the conventional keyless digest function in the perspective of security. ...
The proposed design uses a higher-order two-variables polynomial function to establish the hash output. ...
These properties would help the hash function to strenuously resist hash collisions to be considered for integrity related applications. ...
doi:10.35940/ijrte.b2376.078219
fatcat:n3vhrx2eqvdtllw4umqudfv2bu
TEDT, a Leakage-Resist AEAD Mode for High Physical Security Applications
2019
Transactions on Cryptographic Hardware and Embedded Systems
Moreover, the leakage integrity bound is asymptotically optimal in the multi-user setting. ...
(iii) It can be implemented with a remarkably low energy cost when strong resistance to side-channel attacks is needed, supports online encryption and handles static and incremental associated data efficiently ...
For MAC designs, a similar situation appears: during the input-absorbing phase, keyless crypto hash functions are preferred to the typically more efficient universal hash functions. ...
doi:10.13154/tches.v2020.i1.256-320
dblp:journals/tches/BertiGPPS20
fatcat:kqbuclxmdjdcxn4ai4ihgsa7ce
Keyless signature infrastructure and PKI: hash-tree signatures in pre- and post-quantum world
2017
International Journal of Services Technology and Management
This paper is a revised and expanded version of a paper entitled 'Keyless signature infrastructure and PKI: hash-tree signatures in pre- and post-quantum world' presented at the ...
Reference to this paper should be made as follows: Buldas, A., Laanoja, R. and Truu, A. (2017) 'Keyless signature infrastructure and PKI: hash-tree signatures in pre- and post-quantum world', Int. . ...
which means that hash functions seem to be quantum-immune (in the sense of collision resistance). ...
doi:10.1504/ijstm.2017.081881
fatcat:a27mw6daonedtl5t6rwlirgnya
Towards Low-Energy Leakage-Resistant Authenticated Encryption from the Duplex Sponge Construction
2020
IACR Transactions on Symmetric Cryptology
We also provide the first rigorous methodology for the leakage-resistance of sponge/duplex-based AEs based on a minimal non-invertibility assumption on leakages, which leads to various insights on designs ...
To address this challenge, our first contribution is to investigate the leakage-resistance of a generic duplex-based stream cipher. ...
Thomas Peters is a postdoctoral researcher and François-Xavier Standaert is a senior research associate of the Belgian Fund for Scientific Research (F.R.S.-FNRS). ...
doi:10.13154/tosc.v2020.i1.6-42
dblp:journals/tosc/GuoPPS20
fatcat:rqfvudal2re6znqzn7umrtdxnm
A Modular Design for Hash Functions: Towards Making the Mix-Compress-Mix Approach Practical
[chapter]
2009
Lecture Notes in Computer Science
values than H, while only inheriting the collision-resistance guarantees for the shorter output. ...
For this reason, this paper puts forward a completely modular and fault-tolerant approach to the construction of a full-fledged hash function from an underlying simpler hash function H and a further primitive ...
Introduction Multi-Property Hash Functions. ...
doi:10.1007/978-3-642-10366-7_22
fatcat:2m2yzm2ysjcjtlwjh3lhuulo5e
Multi-Property-Preserving Hash Domain Extension and the EMD Transform
[chapter]
2006
Lecture Notes in Computer Science
guarantees on the hash function, in particular producing a hash function that fails to be even collision-resistant (CR) even though the compression function to which the transform is applied is CR. ...
We suggest that the appropriate goal of a domain extension transform for the next generation of hash functions is to be multi-property preserving, namely that one should have a single transform that is ...
Acknowledgments We would like to thank Thomas Shrimpton for valuable feedback on an earlier draft of this paper and Donghoon Chang for pointing out a mistake in an earlier proof of Lemma 5.1. ...
doi:10.1007/11935230_20
fatcat:xrvcfv4tqvgvvkioxdcvtaac7m
On the Existence of Three Round Zero-Knowledge Proofs
[chapter]
2018
Lecture Notes in Computer Science
While five round ZK proofs for NP are known from standard assumptions [Goldreich-Kahan, J. ...
Our main result is that three round private-coin ZK proofs for NP do not exist (even w.r.t. non-black-box simulation), under certain assumptions on program obfuscation. ...
Five-round ZK proofs are known based on collision-resistant hash functions [29], and four-round -ZK proofs were recently constructed based on keyless multi-collision-resistant hash functions [14]. ...
doi:10.1007/978-3-319-78372-7_1
fatcat:zzyy7azajvdyvnfdip74wg7m2a
Security of Symmetric Primitives under Incorrect Usage of Keys
2017
IACR Transactions on Symmetric Cryptology
Standard hash functions are expected to satisfy key-robustness and PRF security, and hence suffice for practical instantiations. ...
We however provide further theoretical justifications (in the standard model) by constructing robust PRFs from (left-and-right) collision-resistant PRGs. ...
[FLP14] give a multi-property combiner for hash function that is able to simultaneously preserve multiple security properties of input hash functions, including collision-resistance and pseudorandomness ...
doi:10.46586/tosc.v2017.i1.449-473
fatcat:d7vmwtelnngtnbao33znw3wo3e
Security of Symmetric Primitives under Incorrect Usage of Keys
2017
IACR Transactions on Symmetric Cryptology
Standard hash functions are expected to satisfy key-robustness and PRF security, and hence suffice for practical instantiations. ...
We however provide further theoretical justifications (in the standard model) by constructing robust PRFs from (left-and-right) collision-resistant PRGs. ...
[FLP14] give a multi-property combiner for hash function that is able to simultaneously preserve multiple security properties of input hash functions, including collision-resistance and pseudorandomness ...
doi:10.13154/tosc.v2017.i1.449-473
dblp:journals/tosc/FarshimOR17
fatcat:instduhoojfrdjga6tmxdjsyky
On the Tight Security of TLS 1.3: Theoretically Sound Cryptographic Parameters for Real-World Deployments
2021
Journal of Cryptology
(multi-user) security of its building blocks. ...
Our results enable a theoretically sound selection of parameters for TLS 1.3, even in large-scale settings with many users and sessions per user. ...
Acknowledgements We thank the anonymous reviewers for their extensive and valuable comments that helped to improve the presentation of the paper a lot. ...
doi:10.1007/s00145-021-09388-x
fatcat:vhz6kgeejfd7tgfvbowgjbrfne
Does Encryption with Redundancy Provide Authenticity?
[chapter]
2001
Lecture Notes in Computer Science
A popular paradigm for achieving privacy plus authenticity is to append some "redundancy" to the data before encrypting. The redundancy is computed by applying a redundancy function to the data. ...
We investigate the security of this paradigm at both a general and a specific level. ...
Acknowledgments We thank Hugo Krawczyk for helpful comments on a previous version of this paper. We thank Daniele Micciancio for helpful discussions. ...
doi:10.1007/3-540-44987-6_31
fatcat:nsdxoiynybe3pawyyuvw3dxha4